Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/_poZJvklbAqh3jP2K6-dITgfjgE.roa
File:                     _poZJvklbAqh3jP2K6-dITgfjgE.roa (raw, json)
Hash identifier:          /92aJ523PYlzwTJSWkZsdV9NObt6PgIzUkANpCeKD3w=
Subject key identifier:   FE:9A:19:26:F9:25:6C:0A:A1:DE:33:F6:2B:AF:9D:21:38:1F:8E:01
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       019427B5C5B769FD222E156F42BA77A27A6C
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/_poZJvklbAqh3jP2K6-dITgfjgE.roa
Signing time:             Thu 02 Jan 2025 15:50:11 +0000
ROA not before:           Thu 02 Jan 2025 15:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216003
IP address blocks:        89.29.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c5:b7:69:fd:22:2e:15:6f:42:ba:77:a2:7a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jan  2 15:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe9a1926f9256c0aa1de33f62baf9d21381f8e01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:29:10:ce:62:1e:d8:43:92:f6:47:d4:81:37:
                    00:35:dc:cc:b5:a8:f3:25:5e:3f:87:fc:7a:10:00:
                    b9:67:fe:68:f6:84:b1:10:fa:65:1a:84:83:ab:65:
                    62:25:93:73:2b:25:4f:76:83:32:1d:e7:16:12:4b:
                    f1:e1:4a:76:b6:f8:c9:c0:bd:8e:9e:7a:da:ca:03:
                    b2:37:db:d5:f2:12:09:23:b3:d7:76:9f:d9:53:26:
                    57:5a:51:c3:f7:ce:76:0a:ad:7e:56:65:a4:75:34:
                    99:e1:09:58:28:80:ae:67:f8:75:b8:0e:0f:92:ac:
                    80:a4:7c:51:fe:7e:d6:02:61:0a:05:4c:eb:4b:e4:
                    0c:77:6c:f3:fe:80:73:c0:55:4d:4e:8e:0e:c3:f8:
                    3f:0e:66:8f:75:73:7d:0a:27:13:7d:32:71:3a:46:
                    4d:5c:e9:05:76:ab:57:8f:98:1f:ee:40:d7:8e:9a:
                    6d:a3:c9:0e:20:44:84:07:fc:22:3d:26:76:12:c9:
                    cd:9d:bb:5c:92:6b:00:0d:fe:c3:f3:5c:0b:9c:64:
                    eb:d2:bd:20:dc:a5:db:f6:03:24:3b:5a:77:b0:98:
                    1a:f5:52:fd:ca:42:6d:f6:26:37:56:cf:06:8a:23:
                    d1:ac:fc:9f:da:9e:2a:33:eb:94:c2:a9:88:7d:3c:
                    8f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9A:19:26:F9:25:6C:0A:A1:DE:33:F6:2B:AF:9D:21:38:1F:8E:01
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/_poZJvklbAqh3jP2K6-dITgfjgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:0e:a7:89:fe:fb:a8:84:00:84:a1:a4:ba:15:9e:2f:8b:81:
         ad:29:cb:d5:f8:c8:a7:82:09:0f:d4:d2:5e:87:15:0d:1f:9c:
         8a:02:f5:48:4a:49:4d:5f:d0:e0:c9:99:77:65:2c:9c:e0:e4:
         e1:ec:a9:23:7d:b2:ea:c5:84:d5:36:98:7e:03:9f:13:7a:2d:
         9a:4b:09:bb:e2:9d:7f:36:6b:36:5f:cc:fb:14:9d:cd:6d:ed:
         97:74:25:b3:11:8e:54:49:b2:c2:5a:36:66:26:11:cb:7d:b7:
         f5:88:54:29:83:16:3e:d1:55:67:c6:06:a2:c8:1a:fc:2c:b4:
         89:35:2e:0b:de:5f:d5:2d:c4:9b:bf:5f:47:f6:a7:a6:2e:7b:
         70:a0:46:22:48:a7:4f:27:12:6a:a1:ef:95:25:26:90:05:50:
         59:3d:05:3a:2d:e0:8a:58:a5:c2:c8:6d:b5:16:b9:72:71:e4:
         fd:5c:68:74:97:f6:41:e8:1c:9c:01:73:e4:29:a1:87:21:53:
         42:63:23:0c:4b:bb:9b:5d:2f:15:e1:f7:c7:78:65:2b:bc:83:
         8e:04:ad:a4:62:af:98:ae:9c:a5:35:53:55:f4:a9:10:e1:44:
         68:ca:01:ee:92:a6:aa:9e:f7:61:c7:00:3d:31:65:82:28:45:
         5a:28:9d:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntcW3af0iLhVvQrp3onpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjUwMTAyMTU1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTlhMTkyNmY5MjU2YzBhYTFkZTMzZjYyYmFmOWQyMTM4MWY4ZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSkQzmIe2EOS9kfUgTcANdzMtajz
JV4/h/x6EAC5Z/5o9oSxEPplGoSDq2ViJZNzKyVPdoMyHecWEkvx4Up2tvjJwL2O
nnraygOyN9vV8hIJI7PXdp/ZUyZXWlHD9852Cq1+VmWkdTSZ4QlYKICuZ/h1uA4P
kqyApHxR/n7WAmEKBUzrS+QMd2zz/oBzwFVNTo4Ow/g/DmaPdXN9CicTfTJxOkZN
XOkFdqtXj5gf7kDXjppto8kOIESEB/wiPSZ2EsnNnbtckmsADf7D81wLnGTr0r0g
3KXb9gMkO1p3sJga9VL9ykJt9iY3Vs8GiiPRrPyf2p4qM+uUwqmIfTyPgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6aGSb5JWwKod4z9iuvnSE4H44BMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvX3BvWkp2a2xiQXFoM2pQMks2LWRJVGdmamdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWR38MA0G
CSqGSIb3DQEBCwUAA4IBAQBbDqeJ/vuohACEoaS6FZ4vi4GtKcvV+MinggkP1NJe
hxUNH5yKAvVISklNX9DgyZl3ZSyc4OTh7KkjfbLqxYTVNph+A58Tei2aSwm74p1/
Nms2X8z7FJ3Nbe2XdCWzEY5USbLCWjZmJhHLfbf1iFQpgxY+0VVnxgaiyBr8LLSJ
NS4L3l/VLcSbv19H9qemLntwoEYiSKdPJxJqoe+VJSaQBVBZPQU6LeCKWKXCyG21
FrlyceT9XGh0l/ZB6BycAXPkKaGHIVNCYyMMS7ubXS8V4ffHeGUrvIOOBK2kYq+Y
rpylNVNV9KkQ4URoygHukqaqnvdhxwA9MWWCKEVaKJ0j
-----END CERTIFICATE-----